Hi Mikelo, I can help with the PR, but not with the group sponsorship.
Shall we re-build also all packages depending on x/crypto? Best, Fale On Wed, Apr 13, 2022, at 15:37, Mikel Olasagasti wrote: > Hi all, > > CVE-2022-27191 was published recently for golang-x-crypto and a BZ > ticket[2] has been opened for every package that depends on it. It has > a 7.5 score for CVSS 3.x. > > FWIU, in order to fix this CVE, a new version of golang-x-crypto and > rebuilding all dependent packages is required. > > I opened a PR[3] to update golang-x-crypto as the first step. As I'm > still not part of go-sig, can someone review, merge if OK and build it > for current Fedora releases? I applied today to be a member of > go-sig[4] to help with this and other tasks, but don't know how long > it will take to be accepted. > > Kind regards, > Mikel Olasagasti (mikelo2) > > [1] https://nvd.nist.gov/vuln/detail/CVE-2022-27191 > [2] https://bugzilla.redhat.com/show_bug.cgi?id=2064702 > [3] https://src.fedoraproject.org/rpms/golang-x-crypto/pull-request/2 > [4] https://pagure.io/GoSIG/go-sig/issue/1#comment-792166 > _______________________________________________ > golang mailing list -- golang@lists.fedoraproject.org > To unsubscribe send an email to golang-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > -- Fabio Alessandro Locati fale.io
_______________________________________________ golang mailing list -- golang@lists.fedoraproject.org To unsubscribe send an email to golang-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
